package com.android.webserver.security;

import android.util.Log;

import com.android.webserver.tornado.HTTP;
import com.android.webserver.tornado.Request;
import com.android.webserver.tornado.Response;

/**
 * @author Chinmay Soman
 *
 */

public class HSTS {
	static public boolean verifyRequest (Request request, Response response) {
		String url = request.getRequestURL();
		if (getProtocol(url).compareToIgnoreCase("https") == 0) {
			response.addHeader("Strict-Transport-Security max-age=500;");
		} else {
			response.setHTTPStatusCode(HTTP.MOVED);
			response.addHeader("Location https" + removeProtocol(url));
			Log.i("WebServer", "******* Redirecting to HTTPS *******");
			return false;
		}
		return true;
	}
	
	static String getProtocol (String url) {
		return url.substring(0, url.indexOf(":"));
	}
	
	static String removeProtocol (String url) {
		return url.substring(url.indexOf(":"));
	}
}
